AI Sec Watch

TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 contain a format string vulnerability (a bug where attackers can manipulate how data is printed to cause crashes) in the tf.strings.as_string function. By controlling the `fill` argument, an attacker can trigger a segmentation fault (a crash caused by accessing invalid memory).

TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 have a bug in the Shard API (a feature that divides work across multiple processors) where functions with smaller integer types are used instead of the required 64-bit integers. When processing large amounts of data, this causes integer truncation (cutting off the extra digits), which can lead to memory crashes, data corruption, or unauthorized memory access.

TensorFlow versions before 2.3.1 have a bug in the `RaggedCountSparseOutput` function where it doesn't properly check that input arguments are valid ragged tensors (a special data structure for storing data with varying lengths). This missing validation can cause a heap buffer overflow (reading memory outside the allowed bounds), which could crash the program or potentially allow attackers to execute code.

TensorFlow versions before 2.3.1 have a bug in the `RaggedCountSparseOutput` function where it doesn't properly check that input data is valid, which can cause a heap buffer overflow (unsafe memory access that corrupts data). If the first value in the `splits` tensor (a structure that partitions data) isn't 0, the program crashes with a segmentation fault (an error when accessing memory illegally).

TensorFlow before version 2.3.1 has a bug in the `RaggedCountSparseOutput` function where it doesn't check that the `splits` tensor (a data structure that describes how elements are grouped in a ragged tensor, which is an array with uneven row lengths) has enough elements. If a user provides an empty or single-element `splits` tensor, the program crashes with a SIGABRT signal (an abort signal sent by the operating system).

TensorFlow (an open-source machine learning framework) versions before 2.3.1 have a bug in the `SparseCountSparseOutput` function where it doesn't check that two input arrays called `indices` and `values` have matching sizes. When the code tries to read from both arrays at the same time without this check, it can accidentally access memory outside the bounds of allocated space, which is a serious security risk.

TensorFlow before version 2.3.1 has a bug in the `SparseCountSparseOutput` function where it doesn't check that input data is in the correct format, specifically that the `indices` tensor (a data structure holding array positions) has the right shape. Attackers can exploit this by sending incorrectly shaped data, which causes the program to crash and creates a denial of service (a type of attack that makes a service unavailable). This vulnerability affects TensorFlow systems where users can control input data.

TensorFlow version 2.3.0 has a vulnerability in two functions, `SparseCountSparseOutput` and `RaggedCountSparseOutput`, that don't check whether the weights tensor (a data structure with values and their positions) matches the shape of the main data being processed. This missing validation allows an attacker to read data outside the intended memory area by providing fewer weights than data values, potentially exposing sensitive information from the computer's memory.

TensorFlow versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 contain a heap buffer overflow (a type of memory error where a program writes data outside its allocated memory space) in the `SparseFillEmptyRowsGrad` function. The bug occurs because of incorrect array indexing that allows `reverse_index_map(i)` to access memory beyond the bounds of `grad_values`, potentially causing the program to crash or behave unexpectedly.